IDS mailing list archives
Catching Spammers with IDS
From: Greg Martin <greg () ddos com>
Date: 12 Apr 2005 03:10:12 -0000
I am interested in hearing some of your stories on how to catch spammers on your network. I know some of their possible characteristics are a definable pattern, such as a massive # of MX queries on the local DNS resolver, or, common of late with the big spammers, is to use compromised hosts (proxy spamming), which will be thousands of outgoing or incoming reverse DNS lookups at a high rate. A quick Google returns very little on this subject, so how are _you_ using current IDS technology to proactively look for spammers? Please share your knowledge, Snort rules, BPFs, anything to help bring an end to this nuisance.

- Greg Martin
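The two patterns named in the post above (a burst of MX queries from one host, and a high rate of reverse DNS lookups) can be checked against resolver query logs. The following is an added example, not part of the original post: the log layout, thresholds, addresses and relay allowlist are all assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

WINDOW = 60                            # seconds per counting bucket
THRESHOLDS = {"MX": 100, "PTR": 200}   # assumed limits; tune to your own baseline
MAIL_RELAYS = {"10.0.0.25"}            # hypothetical known relays, expected to be busy

def sample_log():
    """Constructed log lines: '<epoch> <client_ip> <qtype> <qname>'."""
    lines = [f"{1200 + i * 3} 10.0.0.5 A www{i}.example.com" for i in range(20)]
    # Legitimate relay: 150 distinct MX lookups within one minute
    lines += [f"{1200 + i // 3} 10.0.0.25 MX partner{i}.example.net" for i in range(150)]
    # Desktop resolving MX for 300 distinct domains within one minute
    lines += [f"{1200 + i // 5} 10.0.0.77 MX rcpt{i}.example.org" for i in range(300)]
    # Host doing 400 distinct reverse lookups within one minute
    lines += [f"{1200 + i // 10} 10.0.0.88 PTR {i % 250}.{i // 250}.18.198.in-addr.arpa"
              for i in range(400)]
    lines.append("garbage line")
    return lines

def find_suspects(lines, window=WINDOW, thresholds=THRESHOLDS, allow=MAIL_RELAYS):
    """Return {(client, qtype): peak distinct names queried in any one window}."""
    seen = defaultdict(set)            # (client, qtype, bucket) -> distinct qnames
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue                   # skip malformed lines
        ts, client, qtype, qname = int(parts[0]), parts[1], parts[2].upper(), parts[3].lower()
        if qtype in thresholds and client not in allow:
            seen[(client, qtype, ts // window)].add(qname)
    hits = {}
    for (client, qtype, _bucket), names in seen.items():
        if len(names) >= thresholds[qtype]:
            hits[(client, qtype)] = max(hits.get((client, qtype), 0), len(names))
    return hits

if __name__ == "__main__":
    for (client, qtype), peak in sorted(find_suspects(sample_log()).items()):
        print(f"{client}: {peak} distinct {qtype} names in {WINDOW}s")
```

Counting distinct names rather than raw queries keeps a host that retries one lookup from tripping the threshold. The buckets are fixed, so a burst that straddles a boundary is split across two windows and may need a lower threshold or a sliding window to catch.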